Refer to the exhibit. Given the output shown, what can be determined?
A.
An attacker has sent a spoofed DHCP address.
B.
An attacker has sent a spoofed ARP response that violates a static mapping.
C.
The MAC address has matched a deny rule within the ACL.
D.
This is an invalid proxy ARP packet, as indicated by the 0000.0000.0000 MAC address on the
destination
Explanation:
You can create an extended ACL with MAC address mapping.
If you have a spoofed arp then the message will be different than ACL-DENY – it will be DHCP
Snooping Deny.
http://www.cisco.com/en/US/docs/switches/datacenter/sw/4_1/nx-os/security/configuration/guide/sec_arpinspect.html#wp1125009
3550(config-arp-nacl)#permit ip host 192.168.69.25 mac host 000c.2957.6b39 log
This will permit a host with an IP of 192.168.69.25 and a Mac of 00-0c-29-57-6b-39 to arp on the
network.If Host 2 attempts to send an ARP request with the IP address 10.0.0.1, DAI drops the request
and logs the following system message:
00:18:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Ethernet1/4, vlan
1.([0001.0001.0001/10.0.0.1/0000.0000.0000/0.0.0.0/01:53:21 UTC Fri Jun 13 2008])
00:12:08: %SW_DAI-4-DHCP_SNOOPING_DENY: 2 Invalid ARPs (Req) on Ethernet2/3, vlan
1.([0002.0002.0002/10.0.0.3/0000.0000.0000/0.0.0.0/02:42:35 UTC Fri Jul 13 2008])